similar to: Firewall up not letting traffic through

Hi, I realise that one can simply start fail2ban and then it will insert its own ruleset before shorewall''s ruleset. Are there subscribers to this list having alternative (and probably better) ways to use both fail2ban and shorewall? Thanks, Mark ------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90

Hello, I''m migrating my laptop setup to a shiny new ThnikPad W520 and in the process am getting rid of VirtualBox (marked by kernel maintainers as "unsupportable crap" or some such) and shifting to virt-manager/kvm. As with the old setup I am running shorewall-init exactly as the great online documentation lays it out. BUT: with VBox it was enough to add > net

Hi, in shorewall version 3.4.8 used this rule to block access to Facebook through port 443 (https): /shorewall/rules: REJECT loc net:69.171.224.12, 69.171.224.0/19,69.63.176.0/20,66.220.144.0/20 tcp 443 What I did was block the public IP network segment to fitthrough https. Now I use this same rule in version 4.4 and I works already. Has anything changed in this

Hi list! I would like to modernize my server at home which is still running Shorewall 3. The server will be running CentOS 6.2 but i also want to use KVM virtualization to run a Windows host on the same box that i can log in to remotely. I looked through the documentation samples on the shorewall site and found several bridging configurations but they do not match my setup, yes it will

Shorewall 4.5.1.1 is now available for download. Problems Corrected: 1) When checking or compiling for export (-e option), /sbin/shorewall would previously issue a warning message if the SHOREWALL_SHELL specified in the remote firewall''s shorewall.conf did not exist. 2) The changes to TOS handling in 4.5.1 are incompatible with older releases such as RHEL5 and

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

Beta 1 is now available for testing. ---------------------------------------------------------------------------- I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- 1) Previously /var/log/shorewall*-init.log was created in the wrong Selinux context. The rpm''s have been modified to

hi, I am using speex1.2beta2 on a TI 54x on narrow band I have been trying to get speex to work for a while now, and it's been a real teeter-totter ride. For a long time I noticed that I will get a project to work and then without changing any code and programming it to an eprom/flash the project will not work. It turns out it was a value called innov_save. I found this bugger by zero

Hi I have shorewall/iptables running on my server (pub) but access to localhost is blocked then I attemp to use ping localhost, telnet localhost 25, echo Hello | sendmail -v root@localhost. All these commands were run after using shorewall reset and creating the attached file. All these commands work with shorewall clear. My problem is I can''t email the root messages from (pub) to

I have a multi-isp configuration: CGCO 1 256 main $CGCOIF detect track,balance br-lan,tun0 IGS 2 512 main $IGSIF detect track,fallback br-lan,tun0 where I force SMTP out one of the connections: 512:P br-lan - tcp 25 But the effect of that of course is that if IGS goes down, SMTP will leak out of the CGCO connection. How can I prevent that? Cheers, b.

Hi All, I use rather old Shorewall 3.2.6 and I know it''s no longer supported. I haven''t been updating the software because it works as intended until now. The problem is a simple DNAT rule. I actually have around 8 DNAT rules and they all work just fine. Here is what I want to achieve. I have a SMTP server in my LAN (lets say address 192.168.1.10). The SMTP daemon listens on

Hi, My firewall is a machine running Debian Squeeze with shorewall 4.4.11.6. /etc/shorewall/policy says this: loc $FW ACCEPT loc loc ACCEPT loc net ACCEPT $FW net ACCEPT $FW loc ACCEPT net all DROP # info all all REJECT

I have an admin machine, and a backup server which does backups. The backup server has IPMI so I can do lights-out admin, and I want to allow this from the admin machine only. IPMI is completely unfirewalled, and so it must have a different class C than working networks.... this is just how it is. I''ve set the IPMI IP on the backup server to 192.168.10.4, and created a virtual

Hi all, An update. On 10/26/20 10:24 PM, Andrew Bartlett wrote: > The fact that there is a viable workaround (pass-though authentication) > also seems to be making this harder to fix - because it remains an > annoyance, not a deal-breaker. Today I tried again with these ingredients: - fresh azure tenant - fresh installed AD (samba 4.12.8 sernet) - an azure "custom domain

That is a major bummer. :-( Would it work any better, if I promoted our windows 2012 server to a domain controller? Or would that have all kinds of other side-effects..? (we're currently running three dc's, all samba) One side-effect I can think of: GPO's, in a mixed samba/windows DC...? Any ideas what the requirements on the samba side would be, for samba to be able to

just small update: - idfix tool (Directory Synchronization Error Remediation Tool / https://github.com/microsoft/idfix) shows just small issues like empty/missing displayName attrib in some of objects which I have corrected and no more issues present at all. - no errors from AAD connect event viewer: final log message is "Scheduler::SchedulerThreadMain : Completed configured scheduler

Hi Michal, Seems we are doing similar things at the moment: getting samba to work with azure AD. We also see the high CPU usage on the DC that the Azure AD Connect server connected to. Between 70 - 100 percent in our case. We are not seeing any replication issues after azure AD Connect, and I have a script that automatically checks replication every few minutes. I was the one reporting the

On 3/11/23 04:33, Andrew Bartlett via samba wrote: > On Fri, 2023-03-10 at 13:06 -0800, Ray Klassen via samba wrote: >> I'm very interested in this. Can one of the devs elaborate on what has been >> accomplished with this? Specifically, I'd like to know if the support is >> bidirectional -- can azure change passwords in samba ad? > > No, I just fixed the issue

Hi, We setup the microsoft azure AD Connect on a windows 2012 server, to start using (testing) office 365 in the future. We're running a samba 4.4.4 AD. This all worked, in the portal.office.com admin section we can see that: > Company Name COMPANY > Domains verified 2 > Domains not verified 1 > Directory sync enabled true > Last directory sync last synced 3

hello our AD domain is hosted by two samba AD domain controllers version 4.12.6 - replication between controllers is fine, no problems. - no schema errors. - no database errors, all fine. - no CPU utilizations - wthout noticeable bandwidth utilization Recently we have deployed Azure AD connector on dedicated windows system (system is domain member server). since this deployment we are observing